CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2021-39254 – ntfs-3g: Integer overflow in memmove() leading to heap buffer overflow in ntfs_attr_record_resize()
https://notcve.org/view.php?id=CVE-2021-39254
A crafted NTFS image can cause an integer overflow in memmove, leading to a heap-based buffer overflow in the function ntfs_attr_record_resize, in NTFS-3G < 2021.8.22. Una imagen NTFS diseñada puede causar un desbordamiento de enteros en memmove, lo que conlleva un desbordamiento del búfer basado en la pila en la función ntfs_attr_record_resize, en NTFS-3G versiones anteriores a 2021.8.22 The ntfs3g package is susceptible to an input validation flaw. A crafted NTFS image with invalid values could trigger an improper check. This incorrect check causes an integer overflow which then leads to a heap overflow. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. • https://github.com/tuxera/ntfs-3g/releases https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp https://lists.debian.org/debian-lts-announce/2021/11/msg00013.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/766ISTT3KCARKFUIQT7N6WV6T63XOKG3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HSEKTKHO5HFZHWZNJNBJZA56472KRUZI https://security.gentoo.org/glsa/202301-01 https://www.debian.org/security/2021/dsa • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2021-39253 – ntfs-3g: Out-of-bounds read in ntfs_runlists_merge_i()
https://notcve.org/view.php?id=CVE-2021-39253
A crafted NTFS image can cause an out-of-bounds read in ntfs_runlists_merge_i in NTFS-3G < 2021.8.22. Una imagen NTFS diseñada puede causar una lectura fuera de límites en la función ntfs_runlists_merge_i en NTFS-3G versiones anteriores a 2021.8.22 The ntfs3g package is susceptible to an input validation flaw. When processing a crafted NTFS image there is an improper check which leads to an out of bounds read. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. • https://github.com/tuxera/ntfs-3g/releases https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp https://lists.debian.org/debian-lts-announce/2021/11/msg00013.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/766ISTT3KCARKFUIQT7N6WV6T63XOKG3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HSEKTKHO5HFZHWZNJNBJZA56472KRUZI https://security.gentoo.org/glsa/202301-01 https://www.debian.org/security/2021/dsa • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2021-35268 – ntfs-3g: Heap buffer overflow in ntfs_inode_real_open() triggered by a specially crafted NTFS inode
https://notcve.org/view.php?id=CVE-2021-35268
In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS inode is loaded in the function ntfs_inode_real_open, a heap buffer overflow can occur allowing for code execution and escalation of privileges. En NTFS-3G versiones anteriores a 2021.8.22, cuando es cargado un inodo NTFS especialmente diseñado en la función ntfs_inode_real_open, puede ocurrir un desbordamiento del búfer de la pila, permitiendo una ejecución de código y una escalada de privilegios The ntfs3g package is susceptible to a heap overflow on crafted input. When processing NTFS inodes, proper bounds checking was not enforced leading to this software flaw. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. • http://ntfs-3g.com http://www.openwall.com/lists/oss-security/2021/08/30/1 https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp https://lists.debian.org/debian-lts-announce/2021/11/msg00013.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/766ISTT3KCARKFUIQT7N6WV6T63XOKG3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HSEKTKHO5HFZHWZNJNBJZA56472KRUZI https://security.gentoo.org/glsa/202301-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2021-35269 – ntfs-3g: Heap buffer overflow in ntfs_attr_setup_flag() triggered by a specially crafted NTFS attribute from MFT
https://notcve.org/view.php?id=CVE-2021-35269
NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribute from the MFT is setup in the function ntfs_attr_setup_flag, a heap buffer overflow can occur allowing for code execution and escalation of privileges. NTFS-3G versiones anteriores a 2021.8.22, cuando un atributo NTFS especialmente diseñado de la MFT es configurado en la función ntfs_attr_setup_flag, un desbordamiento de búfer de la pila puede ocurrir permitiendo una ejecución de código y una escalada de privilegios The ntfs3g package is susceptible to a heap overflow on crafted input. When processing NTFS attributes from the MFT , proper bounds checking was not enforced leading to this software flaw. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. • http://ntfs-3g.com http://www.openwall.com/lists/oss-security/2021/08/30/1 https://lists.debian.org/debian-lts-announce/2021/11/msg00013.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/766ISTT3KCARKFUIQT7N6WV6T63XOKG3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HSEKTKHO5HFZHWZNJNBJZA56472KRUZI https://security.gentoo.org/glsa/202301-01 https://www.debian.org/security/2021/dsa-4971 https://access.redhat.co • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2021-39252 – ntfs-3g: Out-of-bounds read in ntfs_ie_lookup()
https://notcve.org/view.php?id=CVE-2021-39252
A crafted NTFS image can cause an out-of-bounds read in ntfs_ie_lookup in NTFS-3G < 2021.8.22. Una imagen NTFS diseñada puede causar una lectura fuera de los límites en la función ntfs_ie_lookup en NTFS-3G versiones anteriores a 2021.8.22 The ntfs3g package is susceptible to an input validation flaw. When processing a crafted NTFS image there is an improper check which leads to an out of bounds read. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. • https://github.com/tuxera/ntfs-3g/releases https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp https://lists.debian.org/debian-lts-announce/2021/11/msg00013.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/766ISTT3KCARKFUIQT7N6WV6T63XOKG3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HSEKTKHO5HFZHWZNJNBJZA56472KRUZI https://security.gentoo.org/glsa/202301-01 https://www.debian.org/security/2021/dsa • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •